Guide to the Secure Configuration of Red Hat Enterprise Linux 7
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Remove the X Windows Package Group
By removing the xorg-x11-server-common package, the system no longer has X Windows installed. If X Windows is not installed then the system cannot boot into graphical user mode. This prevents the s...Rule Medium Severity -
Disable graphical user interface
By removing the following packages, the system no longer has X Windows installed. <code>xorg-x11-server-Xorg xorg-x11-server-common xorg-x11-server-utils</code> If X Windows is not installed the...Rule Medium Severity -
Introduction
The purpose of this guidance is to provide security configuration recommendations and baselines for the Red Hat Enterprise Linux 7 operating system. Recommended settings for the basic operating sys...Group -
Encrypt Transmitted Data Whenever Possible
Data transmitted over a network, whether wired or wireless, is susceptible to passive monitoring. Whenever practical solutions for encrypting such data exist, they should be applied. Even if data i...Group -
Least Privilege
Grant the least privilege necessary for user accounts and software to perform tasks. For example, <code>sudo</code> can be implemented to limit authorization to super user accounts on the system on...Group -
Minimize Software to Minimize Vulnerability
The simplest way to avoid vulnerabilities in software is to avoid installing that software. On Red Hat Enterprise Linux 7,the RPM Package Manager (originally Red Hat Package Manager, abbreviated RP...Group -
Run Different Network Services on Separate Systems
Whenever possible, a server should be dedicated to serving exactly one network service. This limits the number of other services that can be compromised in the event that an attacker is able to suc...Group -
Configure Security Tools to Improve System Robustness
Several tools exist which can be effectively used to improve a system's resistance to and detection of unknown attacks. These tools can improve robustness against attack at the cost of relatively l...Group -
How to Use This Guide
Readers should heed the following points when using the guide.Group -
Formatting Conventions
Commands intended for shell execution, as well as configuration file text, are featured in a <code>monospace font</code>. <i>Italics</i> are used to indicate instances where the system administrato...Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules